Added section 'Update service principal password' for when the service principal password expires

master
Adam Bulgatz 2024-10-03 00:52:05 -05:00
parent d6af95521d
commit 495dc16d22
1 changed file with 27 additions and 0 deletions

@ -214,3 +214,30 @@ export AZUREDNS_CLIENTSECRET="e.L8Q~4jGhWHheCKjdRzw3gyBBwOmrTyYF9NYbxs" # pass
acme.sh --issue --dns dns_azure -d example.com -d www.example.com
```
#### Update service principal password
The service principal credentials may eventually expire.
Some acme.sh renewal errors that are signs of the credentials expiring:
- `no acccess token received. Check your Azure settings`
- `access denied make sure your Azure settings are correct`
```
az ad sp list --filter "displayname eq 'AcmeDnsValidator'" | grep '^ \"id\":'
```
(The `grep` above is assuming a json array of nested lists is returned with a tab size of two spaces and is finding the top-level `id`)
```json
"id": "daaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
```
```
az ad sp credential reset --id daaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
```
Update `~/.acme.sh/account.conf` with the new credentials.
(See [az ad sp credential](https://learn.microsoft.com/en-us/cli/azure/ad/sp/credential?view=azure-cli-latest#az-ad-sp-credential-reset) for details)
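Review bot: The `grep '^ \"id\":'` lookup depends on the CLI printing JSON with a two-space indent, as the parenthetical under it concedes, so it returns nothing if the output format or indentation differs. Asking the CLI for the field directly removes that assumption, for example `az ad sp list --filter "displayname eq 'AcmeDnsValidator'" --query "[].id" -o tsv`, and the sample `"id": ...` block and the explanatory parenthetical could then be dropped. The two command blocks also have no sentence saying what each step does (look up the principal's id, then reset its credential), and the final step says to update `~/.acme.sh/account.conf` "with the new credentials" without naming the entry; stating that it is the value corresponding to `AZUREDNS_CLIENTSECRET` from the export above would make the procedure followable without guessing. Separately, the context line at the top of this hunk exports an `AZUREDNS_CLIENTSECRET` value that is shaped like a real secret; if it was ever live it should be rotated, and an obvious placeholder would be safer in the documentation.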